TPM chip protecting SSH keys - properly

Nov 26, 2013
Categories: security,hsm,tpm,unix

Not long after getting my TPM chip to protect SSH keys in a recent
blog post, it started to become obvious that OpenCryptoKi was
not the best solution. It’s large, complicated, and, frankly,
insecure. I dug in to see if I could fix it, but there was too much I
wanted to fix, and too many features I didn’t need.

So I wrote my own. It’s smaller, simpler, and more secure. This post
is about this new solution.

Why not Opencryptoki?

It generates migratable keys. This is hardcoded, and some people
obviously want migratable keys (for backup purposes). So a fix would
have to involve supporting both.

Opencryptoki has no way to send such parameters from the command
line key generator to the PKCS11 library. So not only would I have
to implement the setting, but also the whole settings subsystem.

The code is big, because it supports a lot of features. Features I
don’t need or want. They get in the way of me as a user, and of me
fixing the other issues.

The code is of pretty poor quality. I encountered configuration
problems causing segfaults, and found that many (if not most) errors
(like permission errors) give the error message “Incorrect PIN”,
because system calls are not checked for success. I can’t trust
code where a function that is meant to lock a file using
open()+flock() tries to flock() file descriptor 2^32-1, because
open() was not checked for success. (Of course, flock() was not
checked for success either, so it just continued happily without
having locked anything!)
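As an added illustration of the failure mode just described (this is example code written for this post's discussion, not code from OpenCryptoKi or from the author's own library), here is the unchecked open()+flock() shape beside a version that checks every step. The unchecked version silently calls flock() on fd -1 when open() fails; the checked version reports the error, releases the descriptor, and returns -1. The demo function creates a constructed temporary file, takes a lock, and confirms that a second non-blocking attempt on the same file is refused with EWOULDBLOCK rather than "succeeding" without a lock.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* The shape the post complains about: neither call is checked.
 * If open() fails it returns -1, and flock(-1, ...) fails with EBADF,
 * which is also ignored, so the caller proceeds believing it holds a lock. */
int lock_file_unchecked(const char *path) {
    int fd = open(path, O_RDWR);
    flock(fd, LOCK_EX);
    return fd;
}

/* Checked variant: every system call's result is tested and errno is
 * preserved for the caller. Returns the locked fd, or -1 on failure.
 * block == 0 requests a non-blocking lock (fails with EWOULDBLOCK if held). */
int lock_file_checked(const char *path, int block) {
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0) {
        int saved = errno;
        fprintf(stderr, "open(%s): %s\n", path, strerror(saved));
        errno = saved;
        return -1;
    }
    int op = LOCK_EX | (block ? 0 : LOCK_NB);
    if (flock(fd, op) < 0) {
        int saved = errno;
        fprintf(stderr, "flock(%s): %s\n", path, strerror(saved));
        close(fd);            /* do not leak the descriptor */
        errno = saved;
        return -1;
    }
    return fd;
}

/* Release the lock and descriptor; safe to call with -1. */
void unlock_file(int fd) {
    if (fd >= 0) {
        flock(fd, LOCK_UN);
        close(fd);
    }
}

/* Demonstrates that the checked lock really excludes a second holder.
 * Uses a constructed temporary file; returns 1 on the expected behaviour,
 * 0 if the lock did not exclude, -1 if the demo could not be set up. */
int demo_double_lock(void) {
    char path[] = "/tmp/lockdemo.XXXXXX";    /* constructed temp path */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);

    int a = lock_file_checked(path, 0);
    if (a < 0) { unlink(path); return -1; }

    /* A second open file description on the same file must be refused. */
    int b = lock_file_checked(path, 0);
    int ok = (b == -1 && errno == EWOULDBLOCK);

    unlock_file(a);
    unlock_file(b);

    /* Once released, a fresh lock succeeds again. */
    int c = lock_file_checked(path, 0);
    ok = ok && (c >= 0);
    unlock_file(c);

    unlink(path);
    return ok;
}

int main(void) {
    /* The unchecked version "locks" a nonexistent file without complaint. */
    int bad = lock_file_unchecked("/nonexistent-dir-for-demo/lockfile");
    printf("unchecked returned fd %d (no lock held)\n", bad);
    printf("checked double-lock demo: %s\n",
           demo_double_lock() == 1 ? "excluded as expected" : "FAILED");
    return 0;
}
```

The point is not flock() itself but the discipline: a lock routine that cannot report failure is worse than no lock, because callers act on protection they do not have.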